Registration:Host: Difference between revisions
From Hackepedia
Jump to navigationJump to search
No edit summary |
|||
Line 6: | Line 6: | ||
#What would happen if your users don't register? Do they have any reason to believe you need their personal information other then to sell it for your own personal needs? | #What would happen if your users don't register? Do they have any reason to believe you need their personal information other then to sell it for your own personal needs? | ||
#Are you providing a secure mechanism for them to register? This is most often no. Creating a form on an http webpage is one of the worst offenders. These sites are just screaming they have no idea about information security in the least. If you host a web based registration site, ensure it offers [[SSL]], in the least. | #Are you providing a secure mechanism for them to register? This is most often no. Creating a form on an http webpage is one of the worst offenders. These sites are just screaming they have no idea about information security in the least. If you host a web based registration site, ensure it offers [[SSL]], in the least. | ||
#What happens when the user submits | #What happens when the user submits their registration? A challenge to the reader is to publicly provide your privacy policy regarding how you store their personal data, and what access control you have around their data. | ||
#How long will that data be stored? Does the user have an easy process to remove their personal data from your server(s)? | #How long will that data be stored? Does the user have an easy process to remove their personal data from your server(s)? | ||
Revision as of 13:27, 6 October 2005
Hosting a personal information registration process
You've probably been sent this link because you're either the host of a registration process, or you have a desire to create one. Here are some easy steps in deciding if you should be hosting registration.
- What would happen if your users don't register? Do they have any reason to believe you need their personal information other then to sell it for your own personal needs?
- Are you providing a secure mechanism for them to register? This is most often no. Creating a form on an http webpage is one of the worst offenders. These sites are just screaming they have no idea about information security in the least. If you host a web based registration site, ensure it offers SSL, in the least.
- What happens when the user submits their registration? A challenge to the reader is to publicly provide your privacy policy regarding how you store their personal data, and what access control you have around their data.
- How long will that data be stored? Does the user have an easy process to remove their personal data from your server(s)?
External Reading
Canadian Privacy Act Make sure you read this site if you will have any Canadian users. It is required that you publish a privacy policy that outlines what you will do with the personal information of your Canadian users.